mirror of
https://github.com/valinet/ExplorerPatcher.git
synced 2025-01-25 15:43:42 +01:00
96 lines
4.7 KiB
YAML
96 lines
4.7 KiB
YAML
name: Duplicate malware/virus flags issues handler
|
|
|
|
on:
|
|
issues:
|
|
types: [opened]
|
|
|
|
jobs:
|
|
check_keywords:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Check for keywords in issue title and body
|
|
id: check_keywords
|
|
run: |
|
|
# Define the list of keywords
|
|
keywords=("Virus" "Malware" "trojan" "Windows Defender" "Antivirus" "bitdefender" "defender" "kaspersky" "unwanted" "harmful" "HackTool:Win64/ExplorerPatcher!MTB" "HackTool:Win64/Patcher!MSR" "HackTool" "Backdoor" "detection" "Norton" "Windows Security" "Win64:MalwareX-gen" "Microsoft Defender" "infected" "Potentially unwanted app found" "potentially unwanted software" "VIRUSTOTAL")
|
|
|
|
# Get the issue title and body from the event context
|
|
ISSUE_TITLE="${{ github.event.issue.title }}"
|
|
|
|
# Convert both title and body to lowercase for case-insensitive comparison
|
|
ISSUE_TITLE_LOWER=$(echo "$ISSUE_TITLE" | tr '[:upper:]' '[:lower:]')
|
|
|
|
# Check if any of the keywords are present in the title or body
|
|
for keyword in "${keywords[@]}"; do
|
|
# Convert the keyword to lowercase as well
|
|
KEYWORD_LOWER=$(echo "$keyword" | tr '[:upper:]' '[:lower:]')
|
|
|
|
if [[ "$ISSUE_TITLE_LOWER" == *"$KEYWORD_LOWER"* ]] || [[ "$ISSUE_BODY_LOWER" == *"$KEYWORD_LOWER"* ]]; then
|
|
echo "'$keyword' found"
|
|
echo "contains_keyword=true" >> $GITHUB_ENV
|
|
break
|
|
fi
|
|
done
|
|
|
|
- name: Comment, label, and close issue if keyword found
|
|
if: env.contains_keyword == 'true' # Only run if a keyword was found
|
|
run: |
|
|
ISSUE_NUMBER="${{ github.event.issue.number }}"
|
|
REPO="${{ github.repository }}"
|
|
|
|
# Define the body of the comment with Markdown formatting
|
|
COMMENT_BODY="> [!CAUTION]
|
|
><ins>**Microsoft and other major antivirus vendors have flagged ExplorerPatcher as \"malware\".**</ins> This is likely due to Microsoft's hatred against ExplorerPatcher, not because it contains a virus or such. Flags from Microsoft usually spread to other antivirus vendors.
|
|
|
|
Please include the following files and folders in your antivirus' exclusion list to prevent issues due to antivirus detections:
|
|
|
|
\`\`\`
|
|
C:\Program Files\ExplorerPatcher
|
|
%APPDATA%\ExplorerPatcher
|
|
C:\Windows\dxgi.dll
|
|
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy
|
|
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
|
|
\`\`\`
|
|
|
|
For Defender, you can run the following script in PowerShell as an administrator:
|
|
|
|
\`\`\`
|
|
Add-MpPreference -ExclusionPath \"C:\Program Files\ExplorerPatcher\"
|
|
Add-MpPreference -ExclusionPath \"\$env:APPDATA\ExplorerPatcher\"
|
|
Add-MpPreference -ExclusionPath \"C:\Windows\dxgi.dll\"
|
|
Add-MpPreference -ExclusionPath \"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\"
|
|
Add-MpPreference -ExclusionPath \"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\"
|
|
\`\`\`
|
|
|
|
### **Failure to exclude ExplorerPatcher's files may result in inability to install/uninstall ExplorerPatcher and explorer.exe being unable to start.**
|
|
|
|
If you do not trust this process, please refrain from using ExplorerPatcher and look for alternatives instead.
|
|
|
|
Microsoft, if you are reading this, please reconsider the detections as [there are a lot of users who trust this program and that risks from future EP developers are a thing.](https://www.youtube.com/watch?v=R50myh-AAe0)
|
|
|
|
This issue was closed automatically. You want to discuss this in https://github.com/valinet/ExplorerPatcher/issues/3670."
|
|
|
|
# Escape the Markdown content for proper JSON formatting
|
|
COMMENT_BODY_ESCAPED=$(printf "%s" "$COMMENT_BODY" | jq -Rs .)
|
|
|
|
# Post a comment on the issue with formatted text
|
|
curl -X POST \
|
|
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
|
-d "{\"body\": $COMMENT_BODY_ESCAPED}" \
|
|
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER/comments"
|
|
|
|
# Add the "duplicate" label to the issue
|
|
curl -X POST \
|
|
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
|
-d '{"labels":["duplicate"]}' \
|
|
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER/labels"
|
|
|
|
# Close the issue
|
|
curl -X PATCH \
|
|
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
|
-d '{"state": "closed"}' \
|
|
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER"
|